PNNL

Abstract

Pattern matching is at the core of many security applications, like Network Intrusion Detection Systems (NIDS), spam filters and virus scanner. The always growing traffic on networks requires the ability to recognize potentially malicious signatures effectively, fastly and possibly in real time, without afftecting the performance and the latencies of the connections. Unfortunately, pattern matching is a computationally intensive procedure which poses significant challenges on current software and hardware implementations. Graphic Processing Units (GPU) have become an interesting target for such high-througput applications, but the algorithms and the data structures need to be redesigned to be parallelized and adapted to the underlining hardware, coping with the limitations imposed by these architectures. In this paper we present an efficient implementation of the Aho-Corasick pattern matching algorithm on GPU, showing how we progressively redesigned the algorithm and the data structures to fit on the architecture and comparing it with equivalent implementations on the CPU and with previous work. We show that with realistic TCP-IP workloads and signatures, our implementation obtains a speedup of 6.5 with respect to CPU implementations and of two times when compared to previous GPU solutions.